Update ubi to configure kubedock and podman (#179)

Add podman, buildah, skopeo, fuse and kubedock functionality from developer image to base image

Signed-off-by: David Kwon <[email protected]>

README.md

@@ -15,12 +15,13 @@ $ docker run -ti --rm \
        quay.io/devfile/base-developer-image:ubi8-latest \
        bash
 ```
-### Included Developement Tools
+### Included Development Tools
 
 | Tool                | ubi8 based image                    |
 |---------------------|-------------------------------------|
 | `bash`              |`bash`                               |
 | `bat`               |`<gh releases>`                      |
+| `buildah`           |`buildah`                            |
 | `curl`              |`curl`                               |
 | `ps`                |`ps`                                 |
 | `diff`              |`diffutils`                          |
@@ -32,13 +33,15 @@ $ docker run -ti --rm \
 | `ip`                |`iproute`                            |
 | `jq`                |`jq`                                 |
 | `htop`              |`NOT AVAILABLE (fedora only)`        |
+| `kubedock`          |`<gh releases>`                      |
 | `less`              |`less`                               |
 | `lsof`              |`lsof`                               |
 | `man`               |`man`                                |
 | `nano`              |`nano`                               |
 | `netcat`            |`NOT AVAILABLE`                      |
 | `netstat`           |`net-tools`                          |
 | `openssh-client`    |`openssh-clients`                    |
+| `podman`            |`podman`                             |
 | `7z`                |`p7zip-plugins`                      |
 | `ripgrep`           |`<gh releases>`                      |
 | `rsync`             |`rsync`                              |
@@ -50,6 +53,7 @@ $ docker run -ti --rm \
 | `sudo`              |`sudo`                               |
 | `ss`                |`NOT AVAILABLE`                      |
 | `ssl-cert`          |`NOT AVAILABLE`                      |
+| `stow`              |`stow`                               |
 | `tail`              |`<built in>`                         |
 | `tar`               |`tar`                                |
 | `time`              |`time`                               |
@@ -59,7 +63,25 @@ $ docker run -ti --rm \
 | `wget`              |`wget`                               |
 | `zip`               |`zip`                                |
 | `zsh`               |`NOT AVAILABLE (fedora only)`        |
-| **TOTAL SIZE**      | **412MB** (143MB compressed)        |
+| **TOTAL SIZE**      | **903MB** (341MB compressed)        |
+
+### Extending the base image
+When extending the base image, `source kubedock_setup` should be called in the new image's entrypoint to set up kubedock support. This sets up a wrapper for podman to use kubedock for the following podman commands if the `KUBEDOCK_ENABLED` env variable is set to `true`:
+```
+podman run
+podman ps
+podman exec
+podman cp
+podman logs
+podman inspect
+podman kill
+podman rm
+podman wait
+podman stop
+podman start
+```
+
+An example is available in the Universal Developer Image dockerfile [here](https://github.com/devfile/developer-images/blob/main/universal/ubi8/entrypoint.sh#L3).
 
 ## Developer Universal Image
 

base/ubi8/Dockerfile

@@ -28,6 +28,12 @@ RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.n
                    perl-Digest-SHA net-tools openssh-clients rsync socat sudo time vim wget zip stow && \
                    dnf clean all
 
+## podman buildah skopeo
+RUN dnf -y module enable container-tools:rhel8 && \
+    dnf -y update && \
+    dnf -y reinstall shadow-utils && \
+    dnf -y install podman buildah skopeo fuse-overlayfs
+
 ## gh-cli
 RUN \
     TEMP_DIR="$(mktemp -d)"; \
@@ -91,6 +97,50 @@ RUN \
     cd - && \
     rm -rf "${TEMP_DIR}"
 
+
+# Define user directory for binaries
+RUN mkdir -p /home/tooling/.local/bin && \
+    chgrp -R 0 /home && chmod -R g=u /home && chown -R 10001 /home/tooling
+ENV PATH="/home/user/.local/bin:$PATH"
+ENV PATH="/home/tooling/.local/bin:$PATH"
+
+# Set up environment variables to note that this is
+# not starting with usernamespace and default to
+# isolate the filesystem with chroot.
+ENV _BUILDAH_STARTED_IN_USERNS="" BUILDAH_ISOLATION=chroot
+
+# Tweaks to make rootless buildah work
+RUN touch /etc/subgid /etc/subuid  && \
+    chmod g=u /etc/subgid /etc/subuid /etc/passwd  && \
+    echo user:10000:65536 > /etc/subuid  && \
+    echo user:10000:65536 > /etc/subgid
+
+# Adjust storage.conf to enable Fuse storage.
+RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf
+RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; \
+    touch /var/lib/shared/overlay-images/images.lock; \
+    touch /var/lib/shared/overlay-layers/layers.lock
+
+# But use VFS since not all environments support overlay with Fuse backend
+RUN mkdir -p "${HOME}"/.config/containers && \
+   (echo '[storage]';echo 'driver = "vfs"') > "${HOME}"/.config/containers/storage.conf && \
+   chown -R 10001 "${HOME}"/.config
+
+# Add kubedock
+ENV KUBEDOCK_VERSION 0.15.5
+ENV KUBECONFIG=/home/user/.kube/config
+RUN curl -L https://github.com/joyrex2001/kubedock/releases/download/${KUBEDOCK_VERSION}/kubedock_${KUBEDOCK_VERSION}_linux_amd64.tar.gz | tar -C /usr/local/bin -xz --no-same-owner \
+    && chmod +x /usr/local/bin/kubedock
+COPY --chown=0:0 kubedock_setup.sh /usr/local/bin/kubedock_setup
+
+# Configure Podman wrapper
+ENV PODMAN_WRAPPER_PATH=/usr/bin/podman.wrapper
+ENV PODMAN_ORIGINAL_PATH=/usr/bin/podman.orig
+COPY --chown=0:0 podman-wrapper.sh "${PODMAN_WRAPPER_PATH}"
+
+COPY --chown=0:0 podman-wrapper.sh /usr/bin/podman.wrapper
+RUN mv /usr/bin/podman /usr/bin/podman.orig
+
 COPY --chown=0:0 entrypoint.sh /
 COPY --chown=0:0 .stow-local-ignore /home/tooling/
 RUN \

base/ubi8/entrypoint.sh

@@ -1,16 +1,5 @@
 #!/bin/bash
 
-# Ensure $HOME exists when starting
-if [ ! -d "${HOME}" ]; then
-  mkdir -p "${HOME}"
-fi
-
-# Add current (arbitrary) user to /etc/passwd and /etc/group
-if ! whoami &> /dev/null; then
-  if [ -w /etc/passwd ]; then
-    echo "${USER_NAME:-user}:x:$(id -u):0:${USER_NAME:-user} user:${HOME}:/bin/bash" >> /etc/passwd
-    echo "${USER_NAME:-user}:x:$(id -u):" >> /etc/group
-  fi
-fi
+source kubedock_setup
 
 exec "$@"

base/ubi8/kubedock_setup.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Kubedock setup script meant to be run from the entrypoint script.
+
+if [ "${KUBEDOCK_ENABLED:-false}" = "true" ]; then
+  echo
+  echo "Kubedock is enabled (env variable KUBEDOCK_ENABLED is set to true)."
+
+  SECONDS=0
+  KUBEDOCK_TIMEOUT=${KUBEDOCK_TIMEOUT:-10}
+  until [ -f $KUBECONFIG ]; do
+    if ((SECONDS > KUBEDOCK_TIMEOUT)); then
+      break
+    fi
+    echo "Kubeconfig doesn't exist yet. Waiting..."
+    sleep 1
+  done
+
+  if [ -f $KUBECONFIG ]; then
+    echo "Kubeconfig found."
+
+    KUBEDOCK_PARAMS=${KUBEDOCK_PARAMS:-"--reverse-proxy --kubeconfig $KUBECONFIG"}
+
+    echo "Starting kubedock with params \"${KUBEDOCK_PARAMS}\"..."
+
+    kubedock server ${KUBEDOCK_PARAMS} >/tmp/kubedock.log 2>&1 &
+
+    echo "Done."
+
+    echo "Replacing podman with podman-wrapper..."
+
+    ln -f -s /usr/bin/podman.wrapper /home/tooling/.local/bin/podman
+
+    export TESTCONTAINERS_RYUK_DISABLED="true"
+    export TESTCONTAINERS_CHECKS_DISABLE="true"
+
+    echo "Done."
+    echo
+  else
+    echo "Could not find Kubeconfig at $KUBECONFIG"
+    echo "Giving up..."
+  fi
+else
+  echo
+  echo "Kubedock is disabled. It can be enabled with the env variable \"KUBEDOCK_ENABLED=true\""
+  echo "set in the workspace Devfile or in a Kubernetes ConfigMap in the developer namespace."
+  echo
+  ln -f -s /usr/bin/podman.orig /home/tooling/.local/bin/podman
+fi

universal/ubi8/Dockerfile

@@ -44,7 +44,7 @@ RUN curl -fsSL "https://get.sdkman.io/?rcupdate=false" | bash \
              && sdk install jbang \
              && sdk flush archives \
              && sdk flush temp" \
-    && chgrp -R 0 /home/tooling && chmod -R g=u /home/tooling
+         && chgrp -R 0 /home/tooling && chmod -R g=u /home/tooling
 
 # sdk home java <version>
 ENV JAVA_HOME_8=/home/tooling/.sdkman/candidates/java/8.0.402-tem
@@ -96,12 +96,6 @@ ENV KUBECONFIG=/home/user/.kube/config
 
 USER 0
 
-# Define user directory for binaries
-RUN mkdir -p /home/tooling/.local/bin && \
-    chgrp -R 0 /home && chmod -R g=u /home
-ENV PATH="/home/user/.local/bin:$PATH"
-ENV PATH="/home/tooling/.local/bin:$PATH"
-
 # Required packages for AWT
 RUN dnf install -y libXext libXrender libXtst libXi
 
@@ -206,46 +200,11 @@ ENV TKN_VERSION=1.14.0
 RUN curl -L https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/${TKN_VERSION}/tkn-linux-amd64.tar.gz | tar -C /usr/local/bin -xz --no-same-owner \
     && chmod +x /usr/local/bin/tkn /usr/local/bin/opc /usr/local/bin/tkn-pac
 
-## podman buildah skopeo
-RUN dnf -y module enable container-tools:rhel8 && \
-    dnf -y update && \
-    dnf -y reinstall shadow-utils && \
-    dnf -y install podman buildah skopeo fuse-overlayfs
 RUN echo 'alias docker=podman' >> ${PROFILE_EXT}
 
-# Set up environment variables to note that this is
-# not starting with usernamespace and default to
-# isolate the filesystem with chroot.
-ENV _BUILDAH_STARTED_IN_USERNS="" BUILDAH_ISOLATION=chroot
-
-# Tweaks to make rootless buildah work
-RUN touch /etc/subgid /etc/subuid  && \
-    chmod g=u /etc/subgid /etc/subuid /etc/passwd  && \
-    echo user:10000:65536 > /etc/subuid  && \
-    echo user:10000:65536 > /etc/subgid
-
-# Adjust storage.conf to enable Fuse storage.
-RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf
-RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; \
-    touch /var/lib/shared/overlay-images/images.lock; \
-    touch /var/lib/shared/overlay-layers/layers.lock
-
-# But use VFS since we were not able to make Fuse work yet...
-RUN mkdir -p "${HOME}"/.config/containers && \
-   (echo '[storage]';echo 'driver = "vfs"') > "${HOME}"/.config/containers/storage.conf
-
 # Configure container engine
 COPY --chown=0:0 containers.conf /etc/containers/containers.conf
 
-# Install kubedock
-ENV KUBEDOCK_VERSION 0.15.5
-RUN curl -L https://github.com/joyrex2001/kubedock/releases/download/${KUBEDOCK_VERSION}/kubedock_${KUBEDOCK_VERSION}_linux_amd64.tar.gz | tar -C /usr/local/bin -xz --no-same-owner \
-    && chmod +x /usr/local/bin/kubedock
-
-# Configure the podman wrapper
-COPY --chown=0:0 podman-wrapper.sh /usr/bin/podman.wrapper
-RUN mv /usr/bin/podman /usr/bin/podman.orig
-
 ENV K8S_VERSION=1.28
 ## kubectl
 RUN <<EOF

universal/ubi8/entrypoint.sh

@@ -1,52 +1,6 @@
 #!/bin/bash
 
-# Kubedock
-if [ "${KUBEDOCK_ENABLED:-false}" = "true" ]; then
-    echo
-    echo "Kubedock is enabled (env variable KUBEDOCK_ENABLED is set to true)."
-
-    SECONDS=0
-    KUBEDOCK_TIMEOUT=${KUBEDOCK_TIMEOUT:-10}
-    until [ -f $KUBECONFIG ]; do
-        if (( SECONDS > KUBEDOCK_TIMEOUT )); then
-            break 
-        fi
-        echo "Kubeconfig doesn't exist yet. Waiting..."
-        sleep 1
-    done
-
-    if [ -f $KUBECONFIG ]; then 
-        echo "Kubeconfig found."
-
-        KUBEDOCK_PARAMS=${KUBEDOCK_PARAMS:-"--reverse-proxy --kubeconfig $KUBECONFIG"}
-
-        echo "Starting kubedock with params \"${KUBEDOCK_PARAMS}\"..."
-
-        kubedock server ${KUBEDOCK_PARAMS} > /tmp/kubedock.log 2>&1 &
-
-        echo "Done."
-
-        echo "Replacing podman with podman-wrapper..."
-
-        ln -f -s /usr/bin/podman.wrapper /home/tooling/.local/bin/podman
-
-        export TESTCONTAINERS_RYUK_DISABLED="true"
-        export TESTCONTAINERS_CHECKS_DISABLE="true"
-
-        echo "Done."
-        echo
-    else 
-        echo "Could not find Kubeconfig at $KUBECONFIG"
-        echo "Giving up..."
-    fi
-else
-    echo
-    echo "Kubedock is disabled. It can be enabled with the env variable \"KUBEDOCK_ENABLED=true\""
-    echo "set in the workspace Devfile or in a Kubernetes ConfigMap in the developer namespace."
-    echo
-    ln -f -s /usr/bin/podman.orig /home/tooling/.local/bin/podman
-fi
-
+source kubedock_setup
 
 # Stow
 ## Required for https://github.com/eclipse/che/issues/22412